Where did all this spam come from? You may ask yourself that question a lot. Well, it comes from many people, some not with the best of intentions. In fact, spam accounts for 48.16% of the email traffic worldwide, per Statista. So how do we manage not to click on something that results in successful phishing for an attacker? That’s a great and very important question that everyone should ask himself or herself, especially when it comes to messages that are so incredibly difficult to determine if they are real or not.

There are clues, however, that can give it away if you pay attention.

Setting Expectations. If you are not expecting a link or email in a message, it should throw up all kinds of red flags. Now, we realize that sometimes a family member or friend cannot help but send you a link to a funny cat video they know you’ll love, and that may be OK. However, they should preface it with a note or something to help you feel confident that’s really what it is. If it’s just forwarded with no personalized message, give them a call or send them a completely new email message to ask if it’s legit. Don’t reply to the message. Cybercriminals have become very adept at making sure they tick all the boxes when they are crafting messages. They even set up their very own support centers to take calls and they put the phone numbers and email addresses for them in those email messages.

Look for typos. Yes, they often still do make those types of mistakes, as well as grammatical errors. If you see them, that email should go directly into the trash.

Read the email messages. Use eagle eyes. This is ESPECIALLY true if it’s coming from your financial institution or other important organization telling you to be aware of something. For example, a very realistic one went around recently pretending to be Chase Bank claiming that a payment had been scheduled. Of course it was designed to try to get recipients to panic and click a link. Just don’t. Stop. Breathe. You always have that much time. No email is THAT critical. Log into your account directly using your app, a browser with a bookmarked link, or call the institution to get to the bottom of it. It’s likely that if you do that, you’ll find out very quickly that the email was phishing, and you should delete it immediately.

Do you have an account with them? This last one may seem silly, but it has actually fooled people. If you don’t have an account with the sender that is letting you know you have an account problem, you can assume right away that it’s phishing. Yes, I know you’re shaking your head in disbelief and thinking “who would fall for a Netflix scam when they don’t have a Netflix account?” Well, people. That’s who. It’s because the crafting of these phishing messages has become so darn good. Yes, sometimes we have a lot of credit cards and may forget one we don’t use, for example, but it’s important to know what accounts you do have. This goes even if your significant other is in charge of managing them. So if you don’t have a Chase account…well, you know what not to do.

Can you tell the difference between a real email and a malicious email? In this segment Jim Stickley sends malicious emails to Today Show staff members and shows just how easy it is to fall victim. Jim walks through the simple steps taken by criminals to develop a believable phishing scam and shows how quickly it can be done.

The name Dridex may be familiar to some. Recently, it was found by researchers at Trustwave in yet another new form that targets users of the cloud-based accounting firm, Xero. It is one of the most notorious banking Trojans and is designed to hang out on the infected computer and monitor browsing activity. It lurks in the background just waiting to steal sensitive information related to the financial institutions on a list. It’s been active over the past year and has been evolving with each iteration.

An email message arrives with a subject similar to “Xero Billing Notifications” with a sender’s email address from the domain “xeronet.org,” which is not the correct name of the company's website. So don’t be fooled by this. Inside the email message are several links that appear to go to different places, but when the links are clicked, malware is executed that steals personal and sensitive information.

1. Phishing is still the primary way malware makes its way onto computers, mobile devices, and networks. Although the phishers are getting better at fooling us, there are still some clues that an email may be doing the bidding of cybercriminals.

2. If you are not expecting an email from the sender with any links or attachments, confirm that it was intended and is not malicious before clicking anything. Don’t reply to the sender. Instead, use the telephone, a text message, a personal visit, or a completely new email sent to an address you know belongs to the sender to ensure the link is safe to be opened.

3. Hover over links with the mouse pointer before clicking. When you do this, you can see the entire link address. If it looks odd, don’t trust it. You can hold down for several seconds (at least three) on mobile links to see the entire address too. Just be careful to hold it long enough so it doesn’t accidentally redirect you to that link.

4. Phishers still make typos and fail to punctuate properly from time to time. Watch for those clues.

5. No matter how many tools are implemented, a large amount of spam still makes it through to your inbox. Anti-malware and spam filters may take care of some of it, but they certainly don’t catch it all. So, always pay attention to the message and what it’s asking before clicking anything.

If you are a busy person, as we all are, it might be worth a little bit of time to study your email replies before clicking on anything within them. A recent Comodo Threat Intelligence Lab report describes a new iteration of the typical phishing email message. Instead of merely looking like it’s from someone you know or a vendor with which you are familiar to catch you off guard, it now even looks like a reply to one of your own previous inquiries.

The typical format of this new one resembles a message you may receive from a shipper or vendor when you do legitimately ship something. The subject starts with the familiar “Re:” followed by a subject such as “shipping information.” However, the included link, which is disguised to look like a link to a label or status update, will actually redirect users to a site that downloads malware.

To avoid deploying any type of malware onto your work network, be sure you take a little bit of time to review any links or attachments inside email messages before taking any action. Although it is getting more and more difficult to detect the fake ones these days, you can still go through the motions and usually make the right choice.

Carefully review the text for misspellings and grammatical and punctuation errors. These still happen, even though less frequently.

Watch for imperfections in the logos or other graphics.

Hover the mouse pointer over the link to make sure it’s headed where you think it should be. If it just looks like a bunch of random characters, it probably is not a real link.

Look for extra spaces, underscores and special characters littering the URL. In the image posted by Comodo, there is an extra space at the beginning where it should be “www.”
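The link checks listed above, together with the sender-domain clue from the Xero lure described earlier, written out as an added Python example (not code from the original page). The expected domain `xero.com`, the `example.net` hosts and the message body are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

URLISH = re.compile(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", re.I)

class AnchorCollector(HTMLParser):
    """Collects (raw href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(url):
    """Lower-cased host of a URL or bare domain, without a leading 'www.'."""
    url = url.strip()
    if "://" not in url:
        url = "//" + url          # lets urlsplit see a bare "www.example.com/x"
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:            # malformed authority part
        host = ""
    return host.lower().removeprefix("www.")

def same_site(host, domain):
    return host == domain or host.endswith("." + domain)

def review_message(sender, html_body, expected_domain):
    """Return (item, reason) pairs for the clues described in the text."""
    findings = []
    sender_domain = sender.rsplit("@", 1)[-1].lower()
    if not same_site(sender_domain, expected_domain):
        findings.append((sender, "sender_domain_not_expected"))
    collector = AnchorCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        host = host_of(href)
        if re.search(r"\s", href):            # extra spaces in the address
            findings.append((href, "whitespace_in_url"))
        if "_" in host:                       # underscores littering the host
            findings.append((href, "underscore_in_host"))
        if host and not same_site(host, expected_domain):
            findings.append((href, "host_not_expected"))
        # Visible text that is itself an address must match the real target.
        if URLISH.fullmatch(text) and host_of(text) != host:
            findings.append((href, "text_points_elsewhere"))
    return findings

# Constructed sample message; the sender domain is the one quoted in the text.
SAMPLE_SENDER = "billing@xeronet.org"
SAMPLE_BODY = """<p>Your invoice is ready.</p>
<a href="http://invoices.example.net/view?id=1">https://www.xero.com/invoice</a>
<a href=" http://xero_billing.example.net/pay">Pay now</a>
<a href="https://login.xero.com/">Log in</a>"""

if __name__ == "__main__":
    for item, reason in review_message(SAMPLE_SENDER, SAMPLE_BODY, "xero.com"):
        print(f"{reason:28} {item!r}")
```

Only the third link, which really points at the expected domain, produces no finding; a clean result still does not prove a message is safe.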

The attack documented in this report lasted for about seven hours, targeted 50 enterprise customers, and affected approximately 3,000 users. It used 585 IP addresses throughout the world. However, the vast majority of those (513) were located within the U.S.

It’s easy to get overwhelmed with activities at work. There is a lot to get accomplished these days and sometimes, even eight hours at the office doesn’t seem long enough. Those in middle management are even more at risk of being victims of phishing emails. So, rather than click through just to get the “new message” dot to disappear from your messages, spend a few seconds reviewing any links or attachments. Then you can avoid potentially setting off another WannaCry incident.

The combination of human nature and Facebook is currently a phisherman's greatest ally. According to research, curiosity is phishing’s finest friend, with Facebook a close second. Educating consumers on how to avoid even the most basic phishing scams apparently goes out the window when it comes to Facebook users. Scammers know combining the two provides extra fertile phishing grounds and they’re not shy about doing it.

Phishers are constantly refining the methods they use, always looking to improve what works and where it works best. Researchers are trying to understand what’s at the heart of successful phishing and why knowing users still fall for it. When they do fall for it, it appears Facebook is the place it happens most. German researchers studied what compels people to click on those links and where it happens most often. Thanks to this study (Unpacking Spear Phishing Susceptibility), the numbers tell an interesting, eh, phishing tale.

In this study, phishing lures were sent to email and Facebook users alike. An alarming 42.5% of Facebook users opened links sent to them on Facebook, while only 20% of those using email clicked links. Users were twice as vigilant toward email links, but not so much with Facebook lures. So why do twice as many phishing scams work on Facebook? Their research shows the informality and ease of Facebook messaging lends itself to perceived security and a more relaxed attitude toward links.

Researchers stress the importance of curious human nature as something phishers count on. Perhaps a simple message using your name in the title or a perceived connection to you or someone you know flips your curiosity switch. Beware the thought of combining that curious nature with your Facebook account. It’s working great for phishers but not at all for users.

In fact, of the 1,255 students surveyed, 42.5% of them had no fear clicking on Facebook links, even if they knew that the photos sent to them were not specifically intended for them. They were simply curious.

This study suggests a common-sense approach to links on Facebook.

Leave curiosity to the cats when using Facebook.

Before clicking a link, always do what you can to trace and/or verify the source.

Beware of Facebook messages and links trying to lure your curiosity, appearing to be from “friends of friends” or interests you keep tabs on.

Sad but true, Facebook or email…phishing scams are continually improving by becoming more targeted and more sophisticated to survive. Although security-minded users are putting up a fight, it’s proving quite a struggle. It seems that for now researchers can only focus on understanding the success of phishing efforts after they’ve happened. What we can count on as users is that scammers are polishing their next lures and deciding where to place them.


Chances are pretty good that you have heard the term business email compromise or BEC by now. It is a type of wire transfer fraud that the FBI has deemed one of the most prevalent types of scam going around these days. In 2017, there were over 15,690 complaints that resulted in total adjusted losses of more than $675 million. That is an 87% increase over 2016 and it is expected to continue to rise. The Identity Theft Resource Center (ITRC) reported that of the fraud related complaints reported in 2017, the most common type was wire transfer fraud.

